This topic describes how to use Cloud Security Scanner to detect vulnerabilities in your website assets, including how to add assets, create scan tasks, and view scan results.

Prerequisites

If your website is protected by a security monitoring system, such as Web Application Firewall (WAF) or Security Operations Center (SOC), you must add the CIDR block of the scan engine of Cloud Security Scanner to the whitelist of WAF or SOC to make sure that scan tasks run properly.

For more information about the CIDR block of Cloud Security Scanner, see Cloud Security Scanner FAQ.

Procedure

  1. Log on to the Cloud Security Scanner console.
  2. In the left-side navigation pane, click Scan Targets.
  3. Add an asset
    1. On the Targets page, click Add Asset.
      Note: Alibaba Cloud assets can be automatically associated with Cloud Security Scanner. For more information, see Add assets.
    2. On the Add Asset page that appears, specify the asset that you want to add.
    3. You can click the Asset Tag drop-down list to select or create a tag for the asset. The asset is displayed under the specified tag.
      Note: If the tag that you want to use does not exist, press Enter to create a new one.
    4. Click Add.
      After you add the asset, you can find it under the specified tag.
  4. Quickly create a scan task
    1. At the top of the Scan Targets page, click Scan. The Create Scan Task page appears.
    2. On the Create Scan Task page, set the following parameters:
      • Scan Target: You can select an existing tag. The system scans all assets under the specified tag.
      • Effective Period: Specify the time period during which you allow Cloud Security Scanner to scan your assets.
      • Scan Type: You can select Immediately, Scheduled Task, or Periodic Task.
      Note: For more information about the parameters, see Create scan tasks.
    3. Click Create.
      After you create the scan task, Cloud Security Scanner creates an instance for the task. You can view all scan tasks on the Scan Tasks page. You can enter the task name, IP address, or domain to search for a specific task instance.
      Note: Fuzzy search is supported.
  5. View task instance details

    After the scan task is completed, you can view the task instance details and scan results on the Task Instances page.

    1. In the left-side navigation pane, click Task Instances to go to the Task Instances page. All task instances are listed on this page.
    2. You can click the instance name or scan target in the TaskInstances/Targets column to go to the Instance Details page. The instance details are listed on this page.
    Note: You can also click Generate and Download in the Report column on the Task Instances page to generate and download security assessment reports. For more information, see the Manage task instances section in the Manage scan tasks topic.